public async Task VerifyCloudShellMsiRequestWithClientIdMockAsync()
{
using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
using (new TestEnvVar("MSI_SECRET", null))
{
var response = new MockResponse(200);
var expectedToken = "mock-msi-access-token";
response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": {(DateTimeOffset.UtcNow + TimeSpan.FromSeconds(3600)).ToUnixTimeSeconds()} }}");
var mockTransport = new MockTransport(response);
var options = new AzureCredentialOptions()
{
Transport = mockTransport
};
ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));
AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");
Assert.AreEqual(expectedToken, actualToken.Token);
MockRequest request = mockTransport.Requests[0];
Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/"));
Assert.IsTrue(request.Content.TryComputeLength(out long contentLen));
var content = new byte[contentLen];
MemoryStream contentBuff = new MemoryStream(content);
request.Content.WriteTo(contentBuff, default);
string body = Encoding.UTF8.GetString(content);
Assert.IsTrue(body.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
Assert.IsTrue(body.Contains($"client_id=mock-client-id"));
Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string actMetadata));
Assert.AreEqual("true", actMetadata);
}
}
public async Task VerifyAppServiceMsiRequestWithClientIdMockAsync()
{
using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
using (new TestEnvVar("MSI_SECRET", "mock-msi-secret"))
{
var response = new MockResponse(200);
var expectedToken = "mock-msi-access-token";
response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"{DateTimeOffset.UtcNow.ToString()}\" }}");
var mockTransport = new MockTransport(response);
var options = new AzureCredentialOptions()
{
Transport = mockTransport
};
ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));
AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");
Assert.AreEqual(expectedToken, actualToken.Token);
MockRequest request = mockTransport.Requests[0];
Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/"));
string query = request.Uri.Query;
Assert.IsTrue(query.Contains("api-version=2017-09-01"));
Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
Assert.IsTrue(query.Contains($"client_id=mock-client-id"));
Assert.IsTrue(request.Headers.TryGetValue("secret", out string actSecretValue));
Assert.AreEqual("mock-msi-secret", actSecretValue);
}
}
public async Task VerifyImdsRequestWithClientIdMockAsync()
{
using (new TestEnvVar("MSI_ENDPOINT", null))
using (new TestEnvVar("MSI_SECRET", null))
{
var response = new MockResponse(200);
var expectedToken = "mock-msi-access-token";
response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");
var mockTransport = new MockTransport(response, response);
var options = new AzureCredentialOptions()
{
Transport = mockTransport
};
ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));
AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, clientId : "mock-client-id");
Assert.AreEqual(expectedToken, actualToken.Token);
MockRequest request = mockTransport.Requests[mockTransport.Requests.Count - 1];
string query = request.Uri.Query;
Assert.IsTrue(query.Contains("api-version=2018-02-01"));
Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
Assert.IsTrue(query.Contains($"client_id=mock-client-id"));
Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string metadataValue));
Assert.AreEqual("true", metadataValue);
}
}
public static void _client(this ManagedIdentityCredential credential, ManagedIdentityClient client)
{
typeof(ManagedIdentityCredential).GetField("_client", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(credential, client);
}
